On Mon, Dec 31, 2012 at 10:20:47AM -0500, Eric Paris wrote: > > Is there anything which prevents an unpriv application from changing > mm.mm_start_code and mm.mm_end_code in the image, thus taking advantage > of the privileged restore code to bypass the mmap_min_addr > restrictions?
Well, you can assign some values in image directly (note the crtools is running with root priveleges and image files have appropriate owner:group) because image format is opened and well known from crtools source code or from protobufer files we use to descibe the entries in image. Thus it's assumed that administrator/root guarantee that images are not modified after checkpoint (image signing, checksumming and such). Also note the members being assigned in this prctl call are not critical but rather used for statistics output in procfs as far as I remember. Cyrill -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/